forked from Fediversity/Fediversity
Added to and polished Synapse configuration.
parent e6ed985e53
commit 65e551b74b
|
@ -146,7 +146,8 @@ This will ask for a password, choose a safe one.
|
||||||
Logging is configured in `log.yaml`. Some logging should go to systemd, the
|
Logging is configured in `log.yaml`. Some logging should go to systemd, the
|
||||||
more specific logging to Synapse's own logfile(s).
|
more specific logging to Synapse's own logfile(s).
|
||||||
|
|
||||||
This part is yet to be completed.
|
This part is yet to be completed, the default configuration is adequate for
|
||||||
|
most cases.
|
||||||
|
|
||||||
# Delegation and DNS {#Delegation}
|
# Delegation and DNS {#Delegation}
|
||||||
|
|
||||||
|
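Review bot: The added sentence in the logging paragraph is a comma splice, and it tells readers the default is adequate while still marking the section as unfinished. Split it into two sentences ("This part is yet to be completed. The default configuration is adequate for most cases.") and say which default is meant, presumably the `log.yaml` as shipped.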
@ -163,8 +164,7 @@ JSON-code under `https://example.com/.well-known/matrix/server`:
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
"m.homeserver": {"base_url": "https://matrix.example.com"},
|
"m.homeserver": {"base_url": "https://matrix.example.com"}
|
||||||
"org.matrix.msc3575.proxy": {"url": "https://matrix.example.com"}
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
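Review bot: The JSON block uses the `m.homeserver` key, which belongs to the client well-known file (`/.well-known/matrix/client`), while the hunk's context line places it under `/.well-known/matrix/server`, where the expected key is `m.server`; please check that the surrounding text names the right path. Removing the trailing comma along with the `org.matrix.msc3575.proxy` line keeps the JSON valid, but the commit message gives no reason for dropping the proxy entry, so a short note on that would help readers who still have it configured.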
@ -280,7 +280,7 @@ password_config:
|
||||||
policy:
|
policy:
|
||||||
enabled: true
|
enabled: true
|
||||||
localdb_enabled: true
|
localdb_enabled: true
|
||||||
pepper: CxDC6jU5FAxAcvD
|
pepper: <random string>
|
||||||
minimum_length: 8
|
minimum_length: 8
|
||||||
require_digit: true
|
require_digit: true
|
||||||
require_symbol: true
|
require_symbol: true
|
||||||
|
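Review bot: The old value on the removed `pepper:` line looks like a real secret rather than a placeholder, and it stays readable in the repository history after this change; if it was ever used on a deployed server that should be recorded, because existing password hashes depend on it. The replacement `pepper: <random string>` would be clearer with a sentence on how to generate the value and a warning that it must not change once users have set passwords.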
@ -311,7 +311,7 @@ password_providers:
|
||||||
enabled: true
|
enabled: true
|
||||||
uri: "ldap://ldap.example.com:389"
|
uri: "ldap://ldap.example.com:389"
|
||||||
start_tls: true
|
start_tls: true
|
||||||
base: "ou=users,o=Example,dc=example,dc=com"
|
base: "ou=users,dc=example,dc=com"
|
||||||
attributes:
|
attributes:
|
||||||
uid: "uid"
|
uid: "uid"
|
||||||
mail: "mail"
|
mail: "mail"
|
||||||
|
@ -319,12 +319,12 @@ password_providers:
|
||||||
filter: "(&(objectClass=posixAccount)(accountStatus=active))"
|
filter: "(&(objectClass=posixAccount)(accountStatus=active))"
|
||||||
|
|
||||||
mode: "search"
|
mode: "search"
|
||||||
bind_dn: "cn=matrix,ou=service,o=Example,dc=example,dc=com"
|
bind_dn: "cn=matrix,ou=service,dc=example,dc=com"
|
||||||
bind_password: "<very secure password>"
|
bind_password: "<very secure password>"
|
||||||
```
|
```
|
||||||
|
|
||||||
This would connect to ldap.example.com over TLS, and authenticate users that
|
This would connect to ldap.example.com over TLS, and authenticate users that
|
||||||
live under `ou=users,o=Example,dc=example,dc=com` and that are active Posix
|
live under `ou=users,dc=example,dc=com` and that are active Posix
|
||||||
accounts. Users will not be able to change their passwords via Matrix, they
|
accounts. Users will not be able to change their passwords via Matrix, they
|
||||||
have to do that in LDAP.
|
have to do that in LDAP.
|
||||||
|
|
||||||
|
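Review bot: `bind_password: "<very secure password>"` sits in this file in clear text, and the paragraph after the block says nothing about protecting it; add a sentence that the file should be readable only by the account Synapse runs as. The prose also says the connection is "over TLS", while the configuration shown uses `ldap://` on port 389 with `start_tls: true`, so "using StartTLS" would describe it more accurately.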
@ -411,6 +411,10 @@ Check for more information about [how to configure the TURN
|
||||||
server](../coturn) or [LiveKit](../element-call#livekit). You probably want
|
server](../coturn) or [LiveKit](../element-call#livekit). You probably want
|
||||||
LiveKit, but read on if you choose coturn.
|
LiveKit, but read on if you choose coturn.
|
||||||
|
|
||||||
|
It might be useful to use both coturn and LiveKit, so as to support both
|
||||||
|
legacy and EC calls, but you'd need to tweak the configurations so that they
|
||||||
|
don't bite each other.
|
||||||
|
|
||||||
Once you've set up your TURN server, configure it in
|
Once you've set up your TURN server, configure it in
|
||||||
Synapse, in `conf.d/turn.yaml`:
|
Synapse, in `conf.d/turn.yaml`:
|
||||||
|
|
||||||
|
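Review bot: The new paragraph on running coturn and LiveKit side by side is too vague to act on: "tweak the configurations so that they don't bite each other" does not say which settings conflict. Name the settings concerned or link to the section that covers them, and spell out "EC" as Element Call on first use.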
@ -446,9 +450,9 @@ Add this bit of info to `conf.d/server_notices.yaml`:
|
||||||
server_notices:
|
server_notices:
|
||||||
system_mxid_localpart: server
|
system_mxid_localpart: server
|
||||||
system_mxid_display_name: "Server Notices"
|
system_mxid_display_name: "Server Notices"
|
||||||
# system_mxid_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
# system_mxid_avatar_url: "mxc://example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
||||||
room_name: "Server Notices"
|
room_name: "Server Notices"
|
||||||
# room_avatar_url: "mxc://matrixdev.example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
# room_avatar_url: "mxc://example.com/QBBZcaxfrrpvreGeNhqRaCjG"
|
||||||
room_topic: "Room used by your server admin to notice you of important
|
room_topic: "Room used by your server admin to notice you of important
|
||||||
information"
|
information"
|
||||||
auto_join: true
|
auto_join: true
|
||||||
|
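Review bot: Both commented avatar lines still carry the media ID `QBBZcaxfrrpvreGeNhqRaCjG`, which reads as copied from a real server; since the hostname is being made generic here, replace the ID with a placeholder such as `<media ID>` too. It would also help to state that the host part of the `mxc://` URI has to be the server name of the homeserver that stores the picture, so readers do not copy `example.com` literally.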
@ -464,7 +468,7 @@ Every user gets his own room, so if you send a server notice to 100 users,
|
||||||
there will be (at least) 100 rooms by that name, all containing 1 user.
|
there will be (at least) 100 rooms by that name, all containing 1 user.
|
||||||
|
|
||||||
The option `auto_join` means that users will automatically join the room as
|
The option `auto_join` means that users will automatically join the room as
|
||||||
soon as it's created. They can leave afterwards, but they'll put into it again
|
soon as it's created. They can leave afterwards, but they'll be put into it again
|
||||||
as soon as they receive another server message.
|
as soon as they receive another server message.
|
||||||
|
|
||||||
The two commented out options are the avatars for user and room. This is a bit
|
The two commented out options are the avatars for user and room. This is a bit
|
||||||
|
@ -480,6 +484,9 @@ the thumbnailer. Pictures in encrypted rooms are stored as MIME type
|
||||||
[Homeserver Blocking](#blocking). Or, if you haven't defined a whitelist, at
|
[Homeserver Blocking](#blocking). Or, if you haven't defined a whitelist, at
|
||||||
least an image mimetype...
|
least an image mimetype...
|
||||||
|
|
||||||
|
Apparently this was a bug that's supposed to be fixed in Synapse 1.20, but we
|
||||||
|
haven't tested that yet.
|
||||||
|
|
||||||
You can find the ID of the picture in the database (table `local_media_repository`)
|
You can find the ID of the picture in the database (table `local_media_repository`)
|
||||||
or, more conveniently, in [Synapse-Admin](../synapse-admin), which is also
|
or, more conveniently, in [Synapse-Admin](../synapse-admin), which is also
|
||||||
where you'll want to go if you want to send a server notice.
|
where you'll want to go if you want to send a server notice.
|
||||||
|
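Review bot: The added sentence about the bug being "supposed to be fixed in Synapse 1.20" is an unverified claim with no reference. Link the issue or changelog entry it is based on, and state which Synapse version the workaround above was actually tested with, so readers can tell whether they still need it.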
@ -606,6 +613,24 @@ user_consent:
|
||||||
messages yet. Please read and accept the policy at %(consent_uri)s.
|
messages yet. Please read and accept the policy at %(consent_uri)s.
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Last bit it to enable the consent tracking on all listeners where `client` is
|
||||||
|
active. We have only one listener, so we add `consent` to that:
|
||||||
|
|
||||||
|
```
|
||||||
|
listeners:
|
||||||
|
- port: 8008
|
||||||
|
tls: false
|
||||||
|
type: http
|
||||||
|
x_forwarded: true
|
||||||
|
bind_addresses: ['::1', '127.0.0.1']
|
||||||
|
resources:
|
||||||
|
- names:
|
||||||
|
- client
|
||||||
|
- consent
|
||||||
|
- federation
|
||||||
|
compress: false
|
||||||
|
```
|
||||||
|
|
||||||
Restart Synapse for these changes to take effect.
|
Restart Synapse for these changes to take effect.
|
||||||
|
|
||||||
If you update your policy, you'll have to copy the current one to a new
|
If you update your policy, you'll have to copy the current one to a new
|
||||||
|
|
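Review bot: Typo in the first added line: "Last bit it to enable" should read "Last bit is to enable". Because the example repeats the whole listener on port 8008, it is easy to mistake it for a second listener to append; say explicitly that only the `- consent` entry is new and that it goes into the existing listener's `names` list.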